Lucene search
+L

1403 matches found

Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.14 views

PT-2026-37609

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the drm/atmel-hlcdc component. The atomic destroy state callback fails to free all necessary objects, specifically drm crtc commit objects, by only releasing the...

5.5CVSS5.4AI score0.00114EPSS
Exploits0
Snyk
Snyk
added 2026/05/04 3:2 a.m.7 views

Malicious Package

Overview @apple-pay-trust/destroy is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/04 3:2 a.m.13 views

Malicious code in @apple-pay-trust/destroy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6515019a886959d905d728f0fdcebeb16aa3e62bcf2e2643c0424ba87aeb8f79 The package @apple-pay-trust/destroy was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/04 3:2 a.m.18 views

MAL-2026-3317 Malicious code in @apple-pay-trust/destroy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6515019a886959d905d728f0fdcebeb16aa3e62bcf2e2643c0424ba87aeb8f79 The package @apple-pay-trust/destroy was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/02 2:18 p.m.154 views

php-8.5.5-var_destroy-uaf

PHP 8.5.5 — vardestroy destruct reentrancy UAF Siste...

6AI score
Exploits0
NVD
NVD
added 2026/05/01 3:16 p.m.7 views

CVE-2026-43021

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...

5.5CVSS0.00107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/01 2:15 p.m.3 views

CVE-2026-43021

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...

5.8AI score0.00107EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/01 2:15 p.m.4 views

CVE-2026-43021 Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...

5.5CVSS6.2AI score0.00107EPSS
Exploits0References5
CVE
CVE
added 2026/05/01 2:15 p.m.20 views

CVE-2026-43021

CVE-2026-43021 affects the Linux kernel Bluetooth hci_sync path. A failure in hci_cmd_sync_queue_once() can skip calling the destroy callback, causing leaks of references/memory. The issue manifests during error paths, potentially leaving resources allocated for the hci_sync queue. Public discuss...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/01 2:15 p.m.38 views

CVE-2026-43021 Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...

0.00107EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/01 1:56 p.m.11 views

EUVD-2026-26511

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblocking f2fswaitonallpages in f2fsputsuper on a concurrent unmount CPU. The...

7.8CVSS5.8AI score0.00119EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/01 1:56 p.m.41 views

CVE-2026-31702 f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fscompresswriteendio In f2fscompresswriteendio, decpagecountsbi, type can bring the F2FSWBCPDATA counter to zero, unblocking f2fswaitonallpages in f2fsputsuper on a concurrent unmount CPU. The...

0.00119EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.13 views

PT-2026-36332

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the f2fs compress write end io function. The dec page countsbi, type function can reduce the F2FS WB CP DATA counter to zero, which may unblock f2fs wait...

9.8CVSS5.9AI score0.93235EPSS
Exploits60References294
RedhatCVE
RedhatCVE
added 2026/04/29 2:49 p.m.5 views

CVE-2026-7145

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

5.5CVSS5.4AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/04/27 6:16 p.m.12 views

CVE-2026-7145

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

5.5CVSS0.00235EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 5:45 p.m.4 views

CVE-2026-7145 mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

5.5CVSS5.4AI score0.00235EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/27 5:45 p.m.8 views

EUVD-2026-25896

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

5.5CVSS5.1AI score0.00235EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/27 5:45 p.m.32 views

CVE-2026-7145 mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

5.5CVSS0.00235EPSS
Exploits0References5
OSV
OSV
added 2026/04/27 5:45 p.m.4 views

CVE-2026-7145 mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attac...

5.3CVSS5.9AI score0.00235EPSS
Exploits0References7
CVE
CVE
added 2026/04/27 5:45 p.m.20 views

CVE-2026-7145

CVE-2026-7145 affects mettle SendPortal up to version 3.0.1. The vulnerability is in the destroy function of app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php (Invitation Handler), where manipulating the invitation argument leads to authorization bypass. The advisory states the a...

5.5CVSS5.6AI score0.00235EPSS
Exploits0References5
Rows per page
Query Builder